When configuring MAC address table
management, go to these sections for information you are interested in:
l
Overview
l
Configuring
MAC Address Table Management
l
Displaying
MAC Address Table Information
l
Configuration
Example
l
This chapter describes the management of static,
dynamic, and blackhole MAC address entries. For information about the
management of multicast MAC address entries, refer to the part related to
multicast protocol.
l
The function of destination MAC address triggered
update was introduced. For more information, refer to Enabling Destination MAC Address Triggered
Update.
l
The function of assigning MAC addresses to
Ethernet ports was introduced. For more information, refer to Assigning MAC Addresses for Ethernet
Ports.
1.1 Overview
An Ethernet switch is mainly used to
forward packets at the data link layer, that is, transmit the packets to the
corresponding ports according to the destination MAC address of the packets. To
forward packets quickly, a switch maintains a MAC address table, which is a Layer
2 address table recording the MAC address-to-forwarding port association. Each entry
in a MAC address table contains the following fields:
l
Destination MAC address
l
ID of the VLAN which a port belongs to
l
Forwarding egress port numbers on the local
switch
When forwarding a packet, an Ethernet
switch adopts one of the two forwarding methods based upon the MAC address
table entries.
l
Unicast forwarding: If the destination MAC
address carried in the packet is included in a MAC address table entry, the
switch forwards the packet through the forwarding egress port in the entry.
l
Broadcast forwarding: If the destination MAC
address carried in the packet is not included in the MAC address table, the
switch broadcasts the packet to all ports except the one receiving the packet.
MAC address table entries can be updated
and maintained through the following two ways:
l
Manual configuration
l
MAC address learning
Generally, the majority of MAC address
entries are created and maintained through MAC address learning. The following
describes the MAC address learning process of a switch:
1)
As shown in Figure 1-1, User A and User B are both in
VLAN 1. When User A communicates with User B, the packet from User A needs to
be transmitted to GigabitEthernet 1/0/1. At this time, the switch records the
source MAC address of the packet, that is, the address MAC-A of User A to the
MAC address table of the switch, forming an entry shown in Figure 1-2.
Figure 1-1 MAC address learning diagram
(1)
Figure 1-2 MAC address table entry of the
switch (1)
2)
After learning the MAC address of User A, the switch
starts to forward the packet. Because there is no MAC address and port
information of User B in the existing MAC address table, the switch forwards
the packet to all ports except GigabitEthernet 1/0/1 to ensure that User B can
receive the packet.
Figure
1-3 MAC address learning diagram (2)
3)
Because the switch broadcasts the packet, both
User B and User C can receive the packet. However, User C is not the
destination device of the packet, and therefore does not process the packet. Normally,
User B will respond to User A, as shown in Figure 1-4. When the response packet from
User B is sent to GigabitEthernet 1/0/4, the switch records the association
between the MAC address of User B and the corresponding port to the MAC address
table of the switch.
Figure 1-4 MAC address learning diagram
(3)
4)
At this time, the MAC address table of the
switch includes two forwarding entries shown in Figure 1-5. When forwarding the response
packet, the switch unicasts the packet instead of broadcasting it to User A
through GigabitEthernet 1/0/1, because MAC-A is already in the MAC address
table.
Figure 1-5 MAC address table entries of
the switch (2)
5)
After this interaction, the switch directly unicasts
the packets destined for User A and User B based on the corresponding MAC
address table entries.
l
Under some special circumstances, for example,
User B is unreachable or User B receives the packet but does not respond to it,
the switch cannot learn the MAC address of User B. Hence, the switch still
broadcasts the packets destined for User B.
l
The switch learns only unicast addresses by
using the MAC address learning mechanism but directly drops any packet with a
broadcast source MAC address.
I. Aging of MAC address table
To fully utilize a MAC address table, which
has a limited capacity, the switch uses an aging mechanism for updating the
table. That is, the switch starts an aging timer for an entry when dynamically
creating the entry. The switch removes the MAC address entry if no more packets
with the MAC address recorded in the entry are received within the aging time.
l
The MAC address aging timer only takes effect on
dynamic MAC address entries.
l
With the destination MAC address triggered update
function enabled, when a switch finds a packet with a destination address matching
one MAC address entry within the aging time, it updates the entry and restarts
the aging timer.
II. Entries in a MAC address table
Entries in a MAC address table fall into
the following categories according to their characteristics and configuration
methods:
l
Static MAC address entry: Also known as
permanent MAC address entry. This type of MAC address entries are added/removed
manually and can not age out by themselves. Using static MAC address entries can
reduce broadcast packets remarkably and are suitable for networks where network
devices seldom change.
l
Dynamic MAC address entry: This type of MAC
address entries age out after the configured aging time. They are generated by
the MAC address learning mechanism or configured manually.
l
Blackhole MAC address entry: This type of MAC
address entries are configured manually. A switch discards the packets destined
for or originated from the MAC addresses contained in blackhole MAC address
entries.
Table 1-1 lists the different
types of MAC address entries and their characteristics.
Table 1-1 Characteristics of different
types of MAC address entries
|
MAC address entry
|
Configuration method
|
Aging time
|
Reserved or not at reboot (if the
configuration is saved)
|
|
Static MAC address entry
|
Manually configured
|
Unavailable
|
Yes
|
|
Dynamic MAC address entry
|
Manually configured or generated by MAC
address learning mechanism
|
Available
|
No
|
|
Blackhole MAC address entry
|
Manually configured
|
Unavailable
|
Yes
|
Complete the following tasks to configure
MAC address table management:
You can add, modify, or remove a MAC
address entry, remove all MAC address entries concerning a specific port, or
remove specific type of MAC address entries (dynamic or static MAC address
entries).
You can add a MAC address entry in either
system view or Ethernet port view.
I. Adding a MAC address entry in
system view
Follow these steps
to add a MAC address entry in system view:
|
To do…
|
Use the command…
|
Remarks
|
|
Enter system view
|
system-view
|
—
|
|
Add a MAC address entry
|
mac-address { static | dynamic | blackhole } mac-address
interface interface-type interface-number vlan
vlan-id
|
Required
|
Caution:
l
When you add a MAC address entry, the port
specified by the interface argument must belong to the VLAN specified by
the vlan argument in the command. Otherwise, the entry will not be
added.
l
If the VLAN specified by the vlan argument
is a dynamic VLAN, after a static MAC address is added, it will become a static
VLAN.
II. Adding a MAC address entry in
Ethernet port view
Follow these steps
to add a MAC address entry in Ethernet port view:
|
To do…
|
Use the command…
|
Remarks
|
|
Enter system view
|
system-view
|
—
|
|
Enter Ethernet port view
|
interface interface-type interface-number
|
—
|
|
Add a MAC address entry
|
mac-address { static | dynamic | blackhole } mac-address
vlan vlan-id
|
Required
|
Caution:
l
When you add a MAC address entry, the current port
must belong to the VLAN specified by the vlan argument in the command.
Otherwise, the entry will not be added.
l
If the VLAN specified by the vlan argument
is a dynamic VLAN, after a static MAC address is added, it will become a static
VLAN.
Setting an appropriate MAC address aging
timer is important for the switch to run efficiently.
l
If the aging timer is set too long, excessive
invalid MAC address entries maintained by the switch may fill up the MAC
address table. This prevents the MAC address table from being updated with
network changes in time.
l
If the aging timer is set too short, the switch
may remove valid MAC address entries. This decreases the forwarding performance
of the switch.
Follow these steps
to set aging time of MAC address entries:
|
To do…
|
Use the command…
|
Remarks
|
|
Enter system view
|
system-view
|
—
|
|
Set the MAC address aging timer
|
mac-address timer { aging age | no-aging }
|
Required
The default is 300 seconds.
|
Normally, you are recommended to use the
default aging timer, namely, 300 seconds. The no-aging keyword specifies
that MAC address entries never age out.
MAC address aging configuration
applies to all ports, but only takes effect on dynamic MAC addresses, which are
either learnt or configured.
1.2.4 Setting
the Maximum Number of MAC Addresses a Port Can Learn
The MAC address learning mechanism enables
an Ethernet switch to acquire the MAC addresses of the network devices on the
segment connected to the ports of the switch. By searching the MAC address
table, the switch directly forwards the packets destined for these MAC
addresses through the hardware, improving the forwarding efficiency. A MAC
address table too big in size may prolong the time for searching MAC address
entries, thus decreasing the forwarding performance of the switch.
By setting the maximum number of MAC
addresses that can be learnt from individual ports, the administrator can
control the number of the MAC address entries the MAC address table can
dynamically maintain. When the number of the MAC address entries learnt from a
port reaches the set value, the port stops learning MAC addresses.
Follow these steps
to set the maximum number of MAC addresses a port can learn:
|
To do…
|
Use the command…
|
Remarks
|
|
Enter system view
|
system-view
|
—
|
|
Enter Ethernet port view
|
interface interface-type interface-number
|
—
|
|
Set the maximum number of MAC addresses
the port can learn
|
mac-address max-mac-count count
|
Required
By default, the number of the MAC
addresses a port can learn is not limited.
|
If you have
configured the maximum number of MAC addresses that a port can learn, you cannot
enable the MAC address authentication or port security functions on the port,
and vice versa.
By default, a switch updates its MAC
address entries based on the source MAC addresses of packets. However, this may
cause the switch to perform unnecessary broadcasts in some applications. For
example, when a port aggregation group is used in an IRF fabric for communications,
MAC address entries of some ports in the aggregation group may not be updated
in time, resulting in unnecessary broadcasts.
The destination MAC address triggered update
function solves the above problem by allowing the switch to update its MAC address
entries according to destination MAC addresses in addition to source MAC
addresses. This function improves the availability of the MAC address table.
Follow these
steps to enable destination MAC address triggered update:
|
To do…
|
Use the command…
|
Remarks
|
|
Enter
system view
|
system-view
|
—
|
|
Enable destination MAC address triggered
update
|
mac-address aging destination-hit
enable
|
Required
Disabled by default
|
By default, no Ethernet port of an S5600
switch is configured with a MAC address. Therefore, when the switch sends Layer
2 protocol packets, for example, BPDUs of STP, it uses the MAC address predefined
in the protocol as the source address to send the BPDUs. As switches in your
network may use the same source MAC address for Layer 2 protocol data units
(PDUs), different ports on a switch may learn the same MAC address, thus
affecting the maintenance of the MAC address table.
To avoid the problem, you are allowed to
assign MAC addresses to the Ethernet ports on an S5600 series switch. The idea
is to assign a MAC address (called the start port MAC address) for the start
Ethernet port, that is, GigabitEthernet 1/0/1, and each of the following ports
uses the MAC address of the preceding port plus 1 as its MAC address.
For example, if you configure 000f-e200-0001
as the start port MAC address, then port GigabitEthernet 1/0/2 will take MAC
address 000f-e200-0002, and so on.
Follow these steps to configure the start port
MAC address:
|
To do…
|
Use the command…
|
Remarks
|
|
Enter system view
|
system-view
|
—
|
|
Configure the start port MAC address
|
port-mac start-mac-address
|
Required
No start port MAC address is configured
by default.
|
The start port MAC
address must be a valid unicast address.
With the port MAC address configuration,
the switch uses the MAC address of a port as the source MAC address when
sending the following Layer 2 PDUs out of the port:
l
LACP
l
STP
l
NDP/NTDP
l
GVRP
l
DLDP
Port MAC address configuration does not
affect service packet forwarding.
|
To do…
|
Use the command…
|
Remarks
|
|
Display information about the MAC address
table
|
display mac-address [ display-option ]
|
Available in any view
|
|
Display the aging time of the dynamic MAC
address entries in the MAC address table
|
display mac-address aging-time
|
|
Display the configured start port MAC
address
|
display port-mac
|
I. Network requirements
The server connects to the switch through GigabitEthernet
1/0/2. To prevent the switch from broadcasting packets destined for the server,
it is required to add the MAC address of the server to the MAC address table of
the switch, which then forwards packets destined for the server through GigabitEthernet
1/0/2.
l
The MAC address of the server is 000f-e20f-dc71.
l
Port GigabitEthernet 1/0/2 belongs to VLAN 1.
II. Configuration procedure
# Enter system view.
<Sysname> system-view
[Sysname]
# Add a MAC address, with the VLAN, ports,
and states specified.
[Sysname] mac-address static 000f-e20f-dc71
interface GigabitEthernet 1/0/2 vlan 1
# Display information about the current MAC
address table.
[Sysname] display mac-address interface GigabitEthernet 1/0/2
Unit 1
MAC ADDR VLAN ID STATE
PORT INDEX AGING TIME(s)
000f-e20f-dc71 1 Config static
GigabitEthernet1/0/2 NOAGED
000f-e20f-a7d6 1 Learned
GigabitEthernet1/0/2 AGING
000f-e20f-b1fb 1 Learned
GigabitEthernet1/0/2 AGING
000f-e20f-f116 1 Learned
GigabitEthernet1/0/2 AGING
--- 4 mac address(es) found on port
GigabitEthernet1/0/2 ---
